App Services

.NET Framework Version Not Latest

Risk Level: Medium

Description  

This plugin ensures that the latest version of the .NET Framework is installed for all App Services. Installing the latest version of the .NET framework will reduce the security risk of missing feature updates and security patches.

Configuration Parameter

Latest .NET Framework Version: This parameter denotes that the latest version of the .NET Framework should be installed on all App Services. An alert is generated if the .NET Framework is not the latest. Installing the latest version of the .NET Framework will reduce the security risk of missing feature updates and security patches.

By default, the value is set to 4.0; any version earlier than 4.0 is therefore reported as a vulnerability.

About the Service

App Services: Azure App Service hosts web applications, REST APIs, and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data.

Impact 

The latest version of any software comes not only with improved features but also with security patches for loopholes that existed in previous versions. Thus, selecting an older software version in the runtime stack gives threat actors a loophole through which to damage and misuse the application's resources and assets.

Steps to Reproduce

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on Configuration under Settings.
  5. Go to the General settings section.
  6. Under Stack settings, if the Stack is set to .NET, then check the set version. If the value is set to an older version, go to the Steps for Remediation section to remove the issue.

NOTE: As of November 27, 2021, the latest version for .NET is .NET 6.

Steps for Remediation

  1. Log in to the Azure portal.
  2. Click on App Services.
  3. Select an App Service plan from the listed apps.
  4. Click on Configuration under Settings.
  5. Go to the General settings section.
  6. Under Stack settings, if the Stack is set to .NET, then check the set version. If the value is set to an older version, click the drop-down menu in front of .NET version and select the latest available version.
    NOTE: As of November 27, 2021, the latest version for .NET is .NET 6.

  7. Repeat the process for other applications as well.
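
The version check from Steps to Reproduce can also be run across every app at once with the Azure CLI. The script below is an added example, not PingSafe's plugin code; the MIN_VERSION variable, the function names and the sample app names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: flag App Services whose .NET Framework version is below a threshold.
# MIN_VERSION stands in for the plugin's parameter (default on this page: 4.0).
MIN_VERSION="${MIN_VERSION:-4.0}"
TAB=$(printf '\t')

# True (exit 0) when version $1 is older than threshold $2; a leading "v" is ignored.
# sort -V compares numerically per component, so 10.0 is newer than 4.0.
is_outdated() (
    current=${1#v}; minimum=${2#v}
    [ "$current" != "$minimum" ] &&
    [ "$(printf '%s\n%s\n' "$current" "$minimum" | sort -V | head -n 1)" = "$current" ]
)

# Read "name<TAB>resourceGroup<TAB>version" lines on stdin, print one verdict per app.
classify() {
    while IFS="$TAB" read -r name rg ver; do
        if [ -z "$ver" ] || [ "$ver" = "None" ]; then
            status=SKIP; ver="(not set)"
        elif is_outdated "$ver" "$MIN_VERSION"; then
            status=FAIL
        else
            status=PASS
        fi
        printf '%s\t%s\t%s\t%s\n' "$status" "$name" "$rg" "$ver"
    done
}

# Collect netFrameworkVersion for every app in the current subscription (needs `az login`).
audit_subscription() {
    az webapp list --query '[].[name, resourceGroup]' -o tsv |
    while IFS="$TAB" read -r name rg; do
        ver=$(az webapp config show --name "$name" --resource-group "$rg" \
            --query netFrameworkVersion -o tsv < /dev/null)
        printf '%s\t%s\t%s\n' "$name" "$rg" "$ver"
    done | classify
}

# Constructed sample rows (hypothetical app names), for running without Azure access.
demo() {
    printf 'legacy-api\trg-prod\tv2.0\nshop-web\trg-prod\tv4.0\nnew-svc\trg-dev\tv6.0\n' | classify
}

case "${1:-}" in
    --run)  audit_subscription ;;
    --demo) demo ;;
esac
```

Run it with `--demo` for the constructed rows or `--run` against the logged-in subscription. The script reads only `netFrameworkVersion` and does not look at the stack, so confirm that the Stack is set to .NET, as in step 6, before treating a FAIL as a finding.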

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support